AntFleet

Agent investigation · 0x5f98…dba3

gitlawb_openclaude

1 findingupdated 1 month ago
token0x5f980dcfc4c0fa3911554cf5ab288ed0eb13dba3basescan ↗tweet ↗

SARIF backlog

CodeQL · Snyk · Semgrep

Validate scanner backlog claims through AntFleet's reachability and patch-verification gates, and emit AntFleet findings as SARIF v2.1.0 for GitHub Code Scanning.

1. Export AntFleet findings as SARIF v2.1.0
curl -L https://www.antfleet.dev/api/repos/Gitlawb/openclaude/findings.sarif \
  -o antfleet.sarif
2. Ingest a scanner SARIF (CodeQL / Snyk / Semgrep)

Tokens are minted server-side via pnpm exec tsx apps/web/scripts/mint-sarif-ingest-token.ts and are valid for 5 minutes. Ask the AntFleet team for one bound to your install + repo.

curl -X POST https://www.antfleet.dev/api/repos/Gitlawb/openclaude/sarif \
  -H "Authorization: Bearer $ANTFLEET_SARIF_TOKEN" \
  -H "Content-Type: application/json" \
  --data-binary @"@codeql-results.sarif"
3. Render AntFleet findings on the GitHub Security tab

Drop the customer-owned workflow at /integrations/codescanning.yml into your repo's .github/workflows/ directory. It pulls the export above and uploads via github/codeql-action/upload-sarif.

Finding writeups

openclaude-bench-2026-05-23

Clean review — 0 unanimous findings across bridge, server, and extensibility layers

info1 month ago

What was found

AntFleet's two-model consensus review (Claude Opus 4.7 + GPT-5) ran against 3 PRs on [AntFleet/bench-openclaude](https://github.com/AntFleet/bench-openclaude), covering the bridge/auth/session layer, server/remote/gRPC surface, and plugin/hook/skill extensibility layer.

0 unanimous findings — both models reviewed the code independently and did not agree on any security, bug, or correctness issues across 31 files.

This is a clean review. The bridge layer's JWT handling, session management, trusted device flow, and remote WebSocket sessions passed without consensus flags. The Python smart router and provider discovery scripts also cleared.

A clean result from AntFleet's two-model consensus pipeline means neither Claude Opus 4.7 nor GPT-5 independently flagged the same issue — the bar for a finding is both models agreeing on the same defect.

Evidence